AD Trust Monitoring – what generates the alert and why it’s not auto resolved

When importing the Microsoft Active Directory Management pack, it normally generates quite a few alerts that needs to be solved and/or tuned.

One of the alerts I often see is the warning 'A problem has been detected with the trust relationship between two domains':

Followed by the critical alert 'A problem with the inter-domain trusts has been detected':

So what is it that generates the alerts?, the rule triggers on the Event ID 83 is the Operations Manager log, which is an event created by the Active Directory Monitor Trusts script when verifying the status of the trust.

 The Active Directory Monitor Trusts script configures the TrustMon WMI provider to return all trusts, and then it queries for all instances of the Microsoft_DomainTrustStatus object in the \root\MicrosoftActiveDirectory WMI namespace.

For each object that is returned; if the TrustType property of the object is not Downlevel or Uplevel (the other options are Kerberos Realm and DCE, which cannot be monitored effectively by TrustMon), the trust is ignored.

If the TrustType of the object indicates that it can be monitored, the TrustStatus property of the object is checked. If TrustStatus is not 0, the trust is in an error state and the trust and its TrustStatusString (a textual description of the current state of the trust) are formatted and relayed as the trust status.

The picture below shows how the WMI class looks like with a functioning and faulty trust:



So how do you solve the problem, well there can be many reasons to the error like name resolution, connectivity, decommissioned domain controllers etc. So there is no generic rule to solve it. Bottom line is to ensure all domain controllers can resolve and communicate with the PDC/PDCe in the target domain.

When you finally solve the problem with the faulty trust, you might wonder why the critical error doesn't auto-resolve. Well, that's because there unfortunately is an error in the AD management pack. But no worries, a small override and the monitor works like a charm. Just set the LogSuccessEvent on the AD Trust Monitor to 'true' and the monitor will automatically auto-resolve when the trust is verifed and the TrustStatus equals 0.

Click here if you want to read more about the Microsoft DomainTrustStatus Class




Comments (5)
  1. Frederic Oriol says:

    Thank you!!! I have been scratching my head for a while for this.

  2. Sven says:

    Indeed, i encountered the issue on scom 2012 also

  3. MS Discussions says:

    Also noticed that any attempt to override alert severity has no effect. Object still appears as critical

  4. tarkan says:

    see and perhabs when using SCOM 2012. the Logsuccessevent is now true by default!

  5. showbox app says:

    Thanks for the great info. I really loved this. I would like to apprentice at the same time as you amend your web site, how could i subscribe for a blog site?
    For more info on showbox please refer below sites:
    Latest version of Showbox App download for all android smart phones and tablets. – It’s just 2 MB file you can easily get it on your android device without much trouble. Showbox app was well designed application for android to watch movies and TV shows, Cartoons and many more such things on your smartphone.
    For showbox on iOS (iPhone/iPad), please read below articles:
    Showbox for PC articles:
    There are countless for PC clients as it is essentially easy to understand, simple to introduce, gives continuous administration, effectively reasonable. it is accessible at completely free of expense i.e., there will be no establishment charges and after establishment
    it doesn’t charge cash for watching films and recordings. Not simply watching, it likewise offers alternative to download recordings and motion pictures. The accompanying are the strides that are to be taken after to introduce Showbox application on Android.
    The above all else thing to be done is, go to the Security Settings on your Android telephone, Scroll down and tap on ‘Obscure sources’.

Comments are closed.

Skip to main content